cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Mazzocchi <stef...@apache.org>
Subject Re: [Bug?] absolute redirection in flow appears not to be proxy safe
Date Sun, 04 Jan 2004 14:30:11 GMT

On 4 Jan 2004, at 10:10, Sylvain Wallez wrote:

> Stefano Mazzocchi wrote:
>
>> I came across a very weird problem today. I had two cocoon 
>> applications that were once running in different JVM instances, both 
>> mapped to / and I moved them into a single Jetty instance mapped on 
>> /A and /B (for simplicity).
>>
>> Then I modified the ProxyPass settings and used the jetty web.xml 
>> trick to change the cookie path.
>
>
> What's this "web.xml trick"?

see my last cvs commit log.

>> Now, the interesting thing was that while /A performed just like 
>> before, /B had a wierd problem: "redirects" were absolute to the 
>> "webapp server", not to the "web server".
>>
>> Both apps had the same exact version of cocoon (compiled this 
>> morning).
>>
>> After careful examination and extensive protocol dump, I was able to 
>> understand that while /A used
>>
>>  cocoon.redirectTo(../../index);
>>
>> /B used
>>
>>  cocoon.redirectTo(/index);
>>
>> and both turn up to the in the same position, but while the first 
>> actually works (the redirect is "remapped" to the original Proxy URL, 
>> not to the appserver one which is obviously firewalled), the second 
>> doesn't do remapping and the web application fails because it tries 
>> to connect to the webapp directly
>>
>> [actually it's even worse, because it tries to connect to the 
>> ProxyPass setting, which are http://localhost:8000/ in my case, so it 
>> tries to connect to *your* machine!]
>>
>> The interesting thing is that this worked perfectly in the past, when 
>> both were mapped to /, but I can't tell what broke since I moved them 
>> *and* change the version of cocoon at the same time.
>>
>> Did anybody experience a similar behavior?
>
>
> The explanation is in the servlet spec for 
> HttpServletResponse.sendRedirect: "If the location is relative with a 
> leading '/' the container interprets it as relative to the servlet 
> container root."
>
> Absolute paths don't redirect to the _webapp_ root, but the _servlet 
> container_ root. This means that redirectTo("/index") produces a 
> "http://localhost:8000/index" and not a 
> "http://localhost:8000/B/index".
>
> Since the redirect location doesn't start with the ProxyPassReverse 
> URL prefix, the httpd server sends that location verbatim to the 
> browser.
>
> Et voilĂ : redirecting to the webapp root cannot be done with an 
> absolute path.

This does not explain why redirect('/') worked before when /A was mount 
to / instead of /A. Or I'm missing something.

--
Stefano.


Mime
View raw message